Secure Wired Network Setup for Linux
Using Network Manager
1. Connect the Ethernet cable to the network port. Right-click on the “Network Manager” icon at the top right corner and select “Advance Options”, then “Edit Connections...”.
2. From the “Network Connections” dialog, select the active ethernet connection and click on the gear icon to edit the connection profile.
3. Click on the “802.1X Security” tab and select the following options:
• Authentication: Protected EAP (PEAP)
• No CA certificate is required: Unchecked
• PEAP Version: Version 0
• Inner Authentication: MSCHAPv2
4. Enter your UTORid and Password. Select “Save” and close the windows.
5. Your computer should now be authenticated to the wired network. If not, restart your system or reconnect the network connection.
You can verify the network connection by right-clicking the “Network Manager” icon and selecting “Connection Information”.
Using wpa_supplicant
This is an example of how to configure Raspberry Pi OS to connect to the secured wired 802.1X network using wpa_supplicant. The instructions are very smilar to those for Ubuntu 22. For Ubuntu 18 and older, please refer to https://help.ubuntu.com/community/Network802.1xAuthentication for more information.
1. Connect the Ethernet cable to the network port.
2. Install wpa_supplicant
sudo apt install wpasupplicant
3. To avoid storing plain text password in the configuration file, generate the NtPasswordHash with the following command and copy the hash:
echo -n YOUR_PASSWORD | iconv -t utf16le | openssl md4
(stdin)= ae7455e0530cbe899da1ab2771193176
4. Create wpa_supplicant configuration file: /etc/wpa_supplicant/wpa_supplicant.conf and enter the following:
network={
key_mgmt=IEEE8021X
eap=PEAP
identity="YOUR_UTORid"
anonymous_identity="YOUR_UTORid"
password=hash: ae7455e0530cbe899da1ab2771193176
phase2="auth=MSCHAPV2"
}
5. To enable 802.1X authentication right away:
wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -D wired -ieth0
6. Your computer should now be authenticated to the wired network. Continue to the instructions below to enable autoconnect at boot time.
7. Copy the service file from /lib/systemd/system/ to /etc/systemd/system/:
sudo cp /lib/systemd/system/wpa_supplicant.service /etc/systemd/system/wpa_supplicant.service
8. Edit the wpa_supplicant.service file:
sudo nano /etc/systemd/system/wpa_supplicant.service
9. Find and modify the ExecStart parameter to the following, matching the ethernet interface:
ExecStart=/sbin/wpa_supplicant -u -s -c /etc/wpa_supplicant/wpa_supplicant.conf -D wired -ieth0
10. Optionally, add the following below ExecStart to allow the system to restart wpa_supplicant when a failure is detected:
Restart=always
11. Comment out the following line if it is in the configuration file. Save and exit the editor:
#Alias=dbus-fi.w1.wpa_supplicant1.service
12. Enable wpa_supplicant service at boot time:
sudo systemctl daemon-reload
sudo systemctl enable wpa_supplicant.service
13. Restart your computer. This time, your computer should enable 802.1X and authenticate automatically at boot time.